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(57) Abstract: In a method for operating a conditional access system for broadcast applications, the conditional access system 
comprising a number of subscribers and each subscriber having a terminal including a conditional access module and a secure device 
for storing entitlements, a source signal is encrypted using a first key (C w )- The encrypted source signal is broadcasted for receipt 
by the terminals, wherein entitlement control messages (ECM's) are sent to the secure devices, the ECM's comprising the first keys 
(C w ) encrypted using a service key (P T ). Entitlement management messages (EMM's) are sent to the secure devices providing the 
service key (P T ) required to decrypt encrypted first keys (C w ). A cracked secure device which is used in an unauthorised manner is 
traced by sending different keys required to obtain the first keys to different terminals or groups of terminals and monitoring the key 
information provided by a pirate. To this end search EMM's are sent to at least a part of the terminals, the search EMM's providing 
at least the service key (P T ) and a dummy key (P D i or Pm). At least the search EMM's comprise identifiers identifying the keys (P T 
and P D1 or Prc), wherein first search EMM's with the keys (P T and P D1 ) are sent to a first part of the terminals and second search 
EMM's with the keys (P T and P D 2> are sent to a second part of the terminals An ECM identifying the service key (P T ) to be used to 
decrypt the encrypted first key (C w ), is sent to all secure devices just before the first key (C w ) is needed to decrypt the source signal. 
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Method for operating a conditional access system for broad- 
cast applications 

The invention relates to a method for operating a 
conditional access system for broadcast applications, said 
conditional access system comprising a number of subscribers, 
each subscriber having a terminal including a conditional ac- 
5 cess module and a secure device for storing entitlements, 

wherein a source signal is encrypted using a first key (C w ) / 
said first key (C w ) being changed at a high rate, said en- 
crypted source signal being broadcasted for receipt by the 
terminals, wherein entitlement control messages (ECM's) are 

10 sent to the secure devices, said ECM's comprising the first 

keys (C w ) encrypted using a service key (P T ) / wherein entitle- 
ment management messages (EMM ' s) are sent to the secure de- 
vice providing the service key (P T ) required to decrypt en- 
crypted first keys (C w ) , wherein a cracked secure device which 

15 is used in an unauthorised manner is traced by sending dif- 
ferent keys required to obtain the first keys to different 
terminals or groups of terminals and monitoring the key in- 
formation provided by a pirate. 

Conditional access systems for broadcast applica- 

2 0 tions are used for example in pay television operations 

wherein one has to subscribe to be entitled to watch a chan- 
nel, a service or an event. In view of the high numbers of 
subscribers and thereby high numbers of secure devices dis- 
tributed among the subscribers , the secure devices are open 

25 to attack by unauthorised persons trying to extract the 

• unique key of a secure device . The secure devices are gener- 
ally provided in the form of smart cards. If an unauthorised 

• person or pirate succeeds to extract the unique key, the 
smart card is cracked and the pirate is able to distribute 

30 global keys over the internet, for example the first key or 
service key, to set up a pirate subscriber network. 
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When the service provider establishes that the con- 
ditional access system has been hacked, it is necessary to 
trace the cracked smart card or smart cards. A known method 
to trace a cracked smart card is to perform a so-called bi- 
nary search on the base of smart cards which have been is- 
sued. According to this known method, a false key is pub- 
lished to half the smart cards and a true key to the other 
half. The pirate will publish either the false or true key on 
the internet and from the key published by the pirate, it is 
possible to narrow down to which half of the base the cracked 
smart card belongs. In a next step again a false key is pub- 
lished to one half of this located half of the base of smart 
cards and a true key to the other half of the base and again 
it can be deduced from the key published by the pirate in 
which half the cracked smart card is located. By repeating 
these steps, the cracked smart card can be located and 
switched off. A disadvantage of such a binary search is that 
legal subscribers will continuously see blacked out screens 
during the time the search is performed. If such search ac- 
tivities are repeatedly necessary and continue for long peri- 
ods, this will lead to subscriber dissatisfaction. 

The invention aims to provide a method of the above- 
mentioned type wherein causing blacked out screens at legal 
subscribers is restricted as much as possible or even com- 
pletely avoided. 

To this end the method of the invention is charac- 
terized in that search EMM 1 s are sent to at least a part of 
the terminals, said search EMM'S providing at least the serv- 
ice key (P T ) and a dummy key (P D i or P D2 ) , at least the search 
EMM's comprising identifiers identifying the keys (P T and P Di 
or P D2 ) , wherein first search EMM 1 s with the keys (P T and P D1 ) 
are sent to a first part of the terminals and second search 
EMM's with the keys (P T and P D2 ) are sent to a second part of 
the terminals, wherein an ECM identifying the service key (P T ) 
to be used to decrypt the encrypted first key (C w ) , is sent to 
all secure devices just before the first key (C w ) is needed to 
decrypt the source signal. 
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In this manner it is obtained that at all legal sub- 
scribers, the secure device receives the identification of 
the service key to be used to decrypt the first key in time 
before the first key is needed to decrypt the source signal. 
Therefore there will be no blacked out screens at legal sub- 
scribers. However, when the pirate receives the identifica- 
tion of the service key to be used, the pirate has insuffi- 
cient time to publish the correct key in advance. The delay 
time between the receipt of the identification of the service 
key to be used and the encrypted source signal to be de- 
crypted with the first key is too short to distribute the 
correct key over the internet. Therefore, if the pirate does 
not publish all keys available to the pirate, the pirate sub- 
scribers will have blacked out screens repeatedly depending 
on the rate of publishing dummy keys. In view of the publish- 
ing of all keys available to the pirate, the same type of bi- 
nary search as in the prior art can be applied to locate the 
cracked smart card. 

According to a further embodiment of the method of 
the invention, a set of search EMM 1 s is sent to the termi- 
nals, each search EMM providing two keys (P T and P D i, P T and 
P D 2/.»/ Pt and Pun) . In this manner the number of iteration 
steps in the binary search can be significantly reduced de- 
pending on the size of the set of search EMM's. 

As an alternative embodiment, a set of search EMM's 
is sent to at least a portion of the terminals, each search 
EMM of the set comprising a different dummy key (P D ) and each 
EMM being sent to a different part of the terminals. 

In this manner the cracked smart card or smart cards 
used by the pirate can be located in a few or even only one 
step so that although a blacked out screen will be seen by 
the legal subscribes, this will not lead to subscriber dis- 
satisfaction. 

In a further alternative embodiment of the method of 
the invention the encrypted source signal comprises a stream 
of data packets, wherein successive groups including at least 
one data packet, are encrypted using successive first 
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keys(C wl ,C w2 C wi ,..., C Wn ) , each data packet having a flag in- 
dicating the first key (C W i) to be used for decrypting the 
data packet, wherein in stead of an ECM identifying the serv- 
ice key (P T ) an ECM identifying a dummy key (P D i or P D2 ) to be 
used to decrypt a next encrypted first key <C wi ) , is sent to 
the secure devices of the first and second parts of the ^ter- 
minals, respectively, just before the first key (C w ±) is 
needed to decrypt the source signal, whereas the data packet 
is encrypted using the previous first key(C W i-i) 

In this manner the pirate is forced to respond to 
the ECM by transmitting the first key decrypted by using a 
dummy key, to the pirate decoders. By means of this false key 
published by the pirate the cracked smart card can be traced. 
The service provider actually uses the previous first key to 
scramble the next data packet so that all subscribers can de- 
scramble this data packet using the previous first key which 
is normally still available in the decoder. 

The invention will be further explained by reference 
to the drawings in which an embodiment of a conditional ac- 
cess system for broadcast applications is shown, in which an 
embodiment of the method of the invention is implemented. 

Fig. 1 schematically shows a conditional access sys- 
tem for broadcast applications, in which an embodiment of the 
method of the invention is implemented. 

Fig. 2 schematically shows an example of a key hier- 
archy for use in the conditional access system of fig. 1- 

In the broadcasting application shown, three broad- 
casters 1-3 are coupled with a multiplexer unit 4 comprising 
means for scrambling, encoding and compressing broadcast sig- 
nals provided by the broadcasters 1-3. The thus obtained 
digital data streams are multiplexed into a digital transport 
stream, for example in accordance with the MPEG- 2 standard. 
In the embodiment shown this digital transport stream is 
modulated by way of a modulator 5 before transmission. The 
operator of the equipment including the multiplexer unit 4 
and modulator 5 is responsible for transmitting the signal to 
the receiving equipment of the public, one television set 6 
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being shown by way of example. The transmission of the signal 
may be carried out through one or more telecommunication 
channels including a satellite link 7, terrestrial link 8 or 
a cable system 9. One or more of the broadcasters 1-3 may be 
private broadcasters operating according to the concept of 
pay television, which implies subscription. This means that 
people wishing to view programs broadcasted by a particular 
broadcaster, have to subscribe to such a broadcast, and pay 
the appropriate fee. 

Access to anyone of the broadcast signals provided 
by the broadcasters 1-3 requires a terminal 10 which for the 
subscription requiring services includes a conditional access 
module 11 and a secure device 12, generally provided in the 
form of a smart card which can be connected to the condi- 
tional access module 11. The remaining part of the terminal 

10 is known as such and needs not be described in detail. 

In the broadcast application of fig- 1/ for example 
broadcaster 1 may be a pay television operator using a condi- 
tional access system with a number of subscribers , each sub- 
. scriber having a terminal 10 with conditional access module 

11 and smart card 12. Such a conditional access system may 
use a key hierarchy, an example of which is schematically 
shown in fig. 2. The broadcaster side is shown at the left, 
whereas the subscriber side is shown at the right of fig- 2. 
As shown the broadcaster scrambles the source signal by means 
of a scrambler 13, wherein the source signal is scrambled us- 
ing a first key or control word C w . In this manner an en- 
crypted source signal is obtained which is multiplexed by the 
multiplexer 4. At the subscriber's side, the encrypted source 
signal is descrambled to obtain the clear source signal in a 
descrambler 14 using the first key C w . For security reasons, 
the key C w is generally changed at the high rate, for example 
every ten seconds . 

The control word or first key C w is sent to the sub- 
scribers in so-called entitlement control messages or ECM' s 
which are scrambled as indicated by reference numeral 15 us- 
ing a service key P T . These scrambled ECM's are decrypted at 



WO 01/47271 



6 



PCT/EP00/13394 



the subscriber's side using the same service key P T , as indi- 
cated by reference numeral 16 . At a higher level of hierarchy 
the service keys are sent in so-called entitlement management 
messages or EMM'S in a scrambled manner as indicated by ref- 
erence 17 using a group key G and these scrambled EMM's are 
descrambled at the subscriber's side using the same group key 
G as indicated by reference 18. Finally, a group key can be 
distributed to subscribers using individual smart card keys 
and/or smart card addresses. It will be understood that this 
example of key hierarchy is described by way of non- limiting 

example only. 

As a large number of smart cards 12 is distributed 
among the subscribers of broadcaster 1, these smart cards are 
open to attack by unauthorised persons or pirates to extract 
the secret individual key from the smart card. If a pirate 
succeeds in extracting the individual key, the pirate is able 
to obtain any of the keys used in the conditional access sys- 
tem in the clear and he can distribute keys over the internet 
to subscribers of his pirate network. 

If the broadcaster 1 notices that one or more of his 
smart cards 12 have been cracked, he can start a search for 
the cracked smart card or smart cards in the following man- 



ner . 



Instead of the usual EMM's distributing service keys 
P T , special search EMM's are sent to the terminals 10, wherein 
a search EMM provides a true service key P T and a false or 
dummy key P D i to half of the subscribers and the true service 
key P T and a second dummy key P D2 to the other half. Usually 
an EMM comprises an identifier for the service key and in the 
same manner the search EMM's also comprise identifiers for 
the keys P T and P D1 or P D2 . Of course these search EMM's will 
be received both by the legal subscribers and by the pirate. 
A very short time before the service key P T is to be used to 
decrypt a control word C w , an ECM is published including an 
identifier indicating the key to be used to decrypt the con- 
trol word C„, i.e. the true service key P T - 

The advance warning provided by the ECM comprising 
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the identifier of the service key P T , is just sufficient to 
decrypt the control word C w before the control word is needed 
to decrypt the encrypted source signal. This means that al- 
though the pirate also receives the identifier of the true 
service key P T , there is insufficient time for the pirate at 
the publishing of the ECM to publish the correct key P T in ad- 
vance on the internet. If the pirate does not take any fur- 
ther action, the pirate subscribers will have blacked out 
screens every few minutes of even seconds. This means that 
the pirate is forced to publish the keys required to decrypt 
the ECM in advance of the ECM being transmitted. Through pub- 
lishing either dummy key P D1 or P D2/ the pirate can be located 
by consecutive iteration steps as described above. 

The method described shows the advantage that there 
will be no blacked out screens at the legal subscribers, as 
the smart card 12 at the legal subscribers has sufficient 
time to use the correct service key to descramble the control 
word C w . 

In order to restrict the number of iteration steps, 
a set of search EMM* s could be used, wherein each search EMM 
of the set provides two keys, i.e. the true service key P T and 
a dummy key P T1 or P D2 or . . .ft*. Each EMM of the set is sent 
to a different group of smart cards, so that the dummy key P Di 
published immediately indicates the group of smart cards to 
5 which the cracked one belongs. 

As a further complication to a pirate the following 
method can be applied, wherein some characteristics of an en- 
crypted source signal are used. Generally the encrypted data 
stream comprises data packets, wherein each next data packet 
0 or group of data packets is scrambled using a next first key 
Cwi . A header flag of the data packet or group of data packets 
indicates the serial number i of the first key used for 
scrambling so that the terminal 10 knows which of the first 
keys provided must be used for descrambling a data packet or 
5 group received. According to the invention an ECM is trans- 
mitted which indicates that the next key will be one of the 
dummy keys P D1 or P D2 . However, the next data packet or group 
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is scrambled using the previous first key C W i-i- As the pirate 
can not distinguish between the different keys and can not 
predict whether an indication to use a specific key is true 
or not, the pirate will be forced to publish the key descram- 
5 bled using the dummy key. Through publishing this descrambled 
key the pirate can be located by consecutive iteration steps 
as described above. At the subscribers the header flag of the 
data packet will cause use of the control word C W i-i, so that 
normal operation of the terminal is obtained. This method can 

10 be used advantageously in case a pirate has a very fast re- 
sponding system, which would allow the pirate to publish de- 
crypted first keys only in stead of the dummy key itself. 

In an alternative embodiment of the method de- 
scribed, a cracked secure device can be traced by using a 

15 type of cryptography, wherein it is possible to generate a 
set of keys, each key being capable of decrypting the same 
cryptogram. As an example of such type of cryptography an RSA 
multiple-key cryptographic algorithm or a secret -sharing al- 
gorithm can be used. As the cryptography as such is not a 

2 0 part of the present invention, reference is made to the book 
Applied Cryptography by Bruce Schneier, in particular chapter 
23, for a further explanation of this type of cryptography. 
For example the EMM' s are encrypted using a multiple-key al- 
gorithm having a set of keys P ± capable of decrypting the EMM. 

2 5 Depending on the number of keys of the set and the number of 

terminals, each terminal or each group of terminals is pro- 
vided with a different key Pi, so that if a pirate rebroad- 
casts the key, the source, i.e. the cracked secure device, 
can be traced. It is also possible to apply this special type 
30 of cryptography on the source signal, so that in stead of one 
control word C w a set of control words C± is capable of de- 
crypting the encrypted source signal. 

The same result can be achieved with a secret - 
sharing algorithm, wherein one or more shares are required to 

3 5 derive the key required for obtaining the control words. By 

distributing different shares to different terminals or 
groups of terminals, the cracked secure device can be traced. 
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It is noted that the number of keys or shares need 
not to be large. By varying the grouping structure, i.e. the 
distribution of the terminals on the different groups, it is 
possible to trace the cracked secure device by monitoring the 
sequence of keys or shares which are rebroadcast by the pi- 
rate. It is observed that the same method of varying the 
grouping structure can be used in all above-described embodi- 
ments of the invention. 

If it is deemed acceptable that legal subscribers 
will have a very restricted number of blacked out screens 
during a search for a cracked smart card, the following 
method could be used. A special set of search EMM 1 s is dis- 
tributed to all smart cards, wherein each group of subscrib- 
ers receives a false service key P F . The pirate will distrib- 
ute the false service key which identifies the group to which 
the cracked smart card belongs. Within this group in a fur- 
ther step the cracked smart card can be located by distribut- 
ing within the group a further set of false keys. 

In the embodiments described the conditional access 
module 11 and the secure device 12 are shown as physically 
separate devices. It will be understood that the conditional 
access module and/or the secure device can also be part of 
the terminal 10 or implemented in the terminal 10 by suitable 
programming. Therefore, the terms conditional access module 
11 and secure device 12 as used in the specification and 
claims are not restricted to physically separate parts. 

The invention is not restricted to the above - 
described embodiments which can be varied in a number of ways 
within the scope of the claims . 
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CLAIMS 

1. Method for operating a conditional access system 
for broadcast applications, said conditional access system 
comprising a number of subscribers, each subscriber having a 
terminal including a conditional access module and a secure 
device for storing entitlements, wherein a source signal is 
encrypted using a first key (C w ) / said first key (C w ) being 
changed at a high rate, said encrypted source signal being 
broadcasted for receipt by the terminals, wherein entitlement 
control messages (ECM's) are sent to the secure devices, said 
ECM's comprising the first keys (C w ) encrypted using a service 
key (P T ) / wherein entitlement management messages ( EMM 1 s ) are 
sent to the secure device providing the service key (P T ) re- 
quired to decrypt encrypted first keys (C w ) , wherein a cracked 
secure device which is used in an unauthorised manner is 
traced by sending different keys required to obtain the first 
keys to different terminals or groups of terminals and moni- 
toring the key information provided by a pirate, character- 
ized in that search EMM 1 s are sent to at least a part of the 
terminals, said search EMM's providing at least the service 
key (p t ) and a dummy key (P D i or P D2 ) / at least the search 
EMM's comprising identifiers identifying the keys (P T and P D1 
or P D 2> / wherein first search EMM's with the keys (P T and P D i) 
are sent to a first part of the terminals and second search 
EMM 1 s with the keys (P T and P D2 ) are sent to a second part of 
the terminals, wherein an ECM identifying the service key (P T ) 
to be used to decrypt the encrypted first key (C w ) / is sent to 
all secure devices just before the first key (C w ) is needed to 
decrypt the source signal, 

2. Method according to claim 1, wherein the en- 
crypted source signal comprises a stream of data packets, 
wherein successive groups including at least one data packet, 
are encrypted using successive first key s ( C W i > Cw2 / — / C W i,„., 
C Wn ) # each data packet having a flag indicating the first key 
(C W i) to be used for decrypting the data packet, wherein in 
stead of an ECM identifying the service key (P T ) an ECM iden- 
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tifying a dummy key (P D i or P D2 ) to be used to decrypt a next 
encrypted first key (C W i) , is sent to the secure devices of 
the first and second parts of the terminals, respectively, 

* just before the first key (C W i) is needed to decrypt the 

5 source signal, whereas the data packet is encrypted using the 

* previous first key(Cwi-i). 

3 . Method according to claim 1 or 2 , wherein a set 
of search EMM 1 s is sent to the terminals, each search EMM 
providing two keys (P T and P D i, Pt and P D 2/-»# Pt and P Dn ) • 

10 4. Method according to the preamble of claim 1, 

wherein a set of search EMM's is sent to at least a part of 
the terminals, each search EMM of the set comprising a dif- 
ferent dummy key (P D ) and each EMM being sent to a different 
part of the terminals. 

15 5. Method according to claim 3 or 4, wherein the 

terminals are divided into groups, wherein in a first search 
step the number of search EMM's of the set of search EMM's 
corresponds to the number of groups . 

6. Method according to the preamble of claim 1, 

20 wherein the source signal or the ECM's are encrypted using a 
multiple -key or secret -sharing cryptographic algorithm having 
a plurality of different decrypting keys or shares (Ci;Pi) re- 
quired for decrypting the encrypted source signal or ECM's, 
respectively, wherein said plurality of different decrypting 

2 5 keys or shares (Ci;Pi) are sent to at least a part of the ter- 
minals such that different terminals or groups of terminals 
receive different keys or shares (C±;Pi) according to a prede- 
termined distribution. 

7 . Method according to any one of the preceding 
30 claims, wherein the distribution of the terminals in groups 

of terminals is varied to trace the cracked secure device. 
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